VulturSec Cloud Methodology

Posted by VulturSec Team, on 01 Sep, 2022

Cloud security assessments focus on the infrastructure of a company or application deployed with a cloud vendor. This type of assessment is important because cloud assets are not evaluated effectively during a traditional external network assessment or pentest: traditional security and cloud security differ in multiple ways, including setup, identity, services, privileges, configurations, categories of threats and technology stacks.

Cloud infrastructures can be compromised in a lot of ways and misconfigurations can leave you vulnerable to malicious attackers.

Some examples of potential vulnerabilities in a cloud environment are:

  • Exposure of internal employees by an external attacker carrying out malicious activity on an asset.
  • Misconfigurations that could open a security hole.
  • Exposure of AWS IAM keys on public services and/or repositories.
  • EC2 instances and application-level exploitation.
  • Covering of tracks by obfuscating CloudTrail logs.
  • Deficient configuration of CloudTrail/CloudWatch services, leading to difficulties in forensic operations.
  • Docker container images exposed to anonymous users on Docker repository services.
  • Lambda functions with application-level vulnerabilities that could expose the cloud services.
  • Kubernetes API exposed to anonymous users.
  • S3 buckets exposing private information due to permission misconfigurations.

Our methodology requires a user with a SecurityAuditor role (available on every cloud provider) so that we can take an authenticated look at the environment and provide the best-quality assessment. This covers a variety of exploitation methods and functionalities that could be abused by a malicious attacker.

Even if you are following the best security practices in the industry, there is always a way to get around the defenses in your environment. Can you be sure that you have the ability to detect, respond to, and block an internal malicious attacker?

The principle of least privilege, applied to every service and configuration, makes it harder for an external attacker to gain higher-privilege access and cause more damage in your network.

If, during our assessment, we discover a critical-risk vulnerability or an indication of an already compromised network, we will report it to you immediately and work together with you to remediate the flaws and improve your security to avoid this in the near future.

At the end of the assessment we provide you with a report covering all the misconfigurations discovered, a step-by-step attack description if any complex vulnerability is found, up-to-date risk ratings for each finding, and guidance for effective remediation.